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entity device (31). The terminal (1) it adapted 
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blgh level leeuesti bdopendent of the module (I) 
and of said peisoaai security device (31). One at 
feast of Ac- tertnhial module (I) tnd the persons* 
security device (31) compris e s a reprofiaiiimabk; 
Jtorat* memory and mean* for exeewtinj * iner 
software (F) translating the high level reqsestt 
into at teast one of (I) at least one data exchange 
seqttenoe between eke terminal module (I) and 
the user or (U) at feast an elementary command 
or sequence of cxmsmaads executable by the per- 
sonat aecurtty device* and meant for protecting 
said fleer software (F, 62) to prevent any raodift- ~-umc9mm**a 
catiOB of aid software by a ecMuAoHsed per- 
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The present invention concerns a temiinai and a system for performing secure 
eleUutw c transactions. 

Pubic digital data transmission networks, such as tie Internet, are axpandteg at a 
considerable rate. However, the performing of secure etecfronic transfers on this type of network 
is currently being hampered, among other things, by the lack of security mechanisms associated 
wifc such transactions, reflected m a lack of confidence on tie part of network users and 
operators. 

tn the context of this appficabon: 

- an electronic transaction designates an exchange of Information via a pufcfc digra 
data transmission or telecommunication network, either b etwee n two or mote users or bet w een a 
user and a service provider, 

• a function is a process carried out in order to render a service to a user, 

- an appteation designates a consistent set of services and functions, 

-the expression "application software* designates the software needed to perform tie 
functions relating to a given application, and 

-a secure transaction is a transaction for which security measures are implemented, 
namely authentication of the en&Ses participating to the transaction. Integrity, confidenlalty, 
authenticity and possfory non-repudtetkm of exchanges and operations effected in the context of 
the transaction. 

Many appfcabons require secure electronic transactions. Examples are centreing 
access to computer or srmiar resources, tome banking (statements, transfers between 
accounts, etc ... via the telephone network or the Internet), electronic trading (purchase of goods 
or services via a public network), electronic mai, electronic purse, etc. 

These and other applications requiring secure transactions are well known to the 
skffled person and are not described in detail here. 

Depending on their nature, rendering such appfcafcxw secure necessitates the use of 
one or more security services such as: 

- authenticated to guarantee the identity of an entity (a person or a system); 

- access control, protecting against unauthorised use or manipulation of resources; 

- confidential prohibting disclosure of data to unauthorised entities; 

* data integrity, which assures that data has not been modified, defeted or substituted 
without authorisation, am) 

- norwepudiatiori, which assures that a participant in an exchaige of data cannot 
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subsequently deny the existence of the exchange. 

The combination of two existing techniques makes I feasible Id employ the above 
security services, so offering a sufficient level of security for the performance of electronic 
transactions. 

These are! 

- pubic key and private key cryptography, because ft guarantees non-repudiation and 
facilitates management of keys; and 

- the integrated circuit card (or smart card), because It is relatively inexpensive, e«y to 
use and re&abte because it uses dedicated microprocessors wtth hardwve and software 
protection features so fiat read and write mode access to their memory can be barred. 

Integrated circuit cards offer the following services: 

* authentication of the cardholder or user, this operation authenticates fce cardholder 
by means of a confidential code after which the card allows operations such as executing 
algorithms, reading secret keys, reading or writing data on the card, which cot also be subject to 
other security conditions; 

* protection of data and functions stored on the integrated circuS cvtt. Access to the 
card can be subject to prior authentication of the electronic entity requesting to access ft. Thfs 
external authentication is generafr effected in chatenge/rosportse mode. In this rase the entity 
has a secret parameter, hereinafter also caied the secret, enabling it to calculate, depending on 
a chattenge issued by tin card, a response that wtl prove to the card that it ism possession of 
the secret 

* execution of cryptographic algorithms using a secret parameter stored on the cad 
(encipherment message authentication, signature); am) 

* internal authentication. This service enables an application to authenticate the card. 
This service is the inverse of external authentication. The card generates a response to a 
challenge received and a secret stored on the cart. 

The services offered by means of the integrated circuit card are performed on receipt of 
so-cafted elementary commands, execution of the elementary command causing the sending of 
elementary responses. The el emen ta ry commands concern, for example, cryptographic 
calculations, reading or writing of secret or other data, Intervention of the user (entry of their 
personal confidential code (PIN), validation of a transaction after signature), and return of 
information to the user (display of messages to be signed, for example) . 

Some cards offer the facity to verify the integrity, source and even the ronfidentiaiity of 
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commands sent to the card. These services am based on techniques of authentfcafrig and 
enciphering the commands. 

The current use of integrated circuit {or mfcrocirctift) cards offers a very high level of 
security because the transactions are essentialy perform*} on private networks aid terminals 
(automatic teler machkies, point of sale terminals, for example) which are under the control of an 
entty assuring the security of the system as a whole* 

fn such appflcafera, users or abusers do not have access to the *>pica6on softwae 
or to the hardware and software security mechanisms of the terminals. 

In contrast performing secure tatsactsons using integrated circuit cards on a puttie 
network presupposes that users have access to a card reader terminal module, given that 
nrscrodrcuit cards do not have their own electrical power supply and that using them requires a 
reader that can power them up and estabfeh communication with the user and/or extern* 
eiectaonic means. 

At present, to perform a transaction on a public network, the user employs a terminal 
that can be a dedicated product a personal computer or a personal computer connected to an 
integrated circuit card by a card reader. 

In all cases, the transaction system accessible to the user generally conprises: 
•an application service provider, for example an internet browser, an electronic mafl program , a 
home banking program, 

•a high-level security service provider enabfing execution of low-level cryptograph mechwiisma 
required by the appBcatfon. 

The apptcatkm service provider Issues requests for high-level security services to 
assure the security of fre transactions performed. 

If the application b installed on tie user's personal computer, the ayptogr^jhfc 
services referred to are, for example, those defined by RSA laboratories in Its standard "PKCS 
11 : Cryptographic Token Interface Standard* or the cryptographic services offered by the 
Microsoft Windows NT operating system, In particular those available via the •Crypto APT 
application program interface (API). 

If the user does not have an integral mienxarewt card reader, the cryptographic 
sendees are effected entirely by software. 

If the user wishes to enhance security, they use a transparent type ftegrated crajft 
cart reader connected to fheir computer. A transparent type card reader is in fact an interface 
module between the computer and the integrated circuit card for transmitting elementary 
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commvute front the computer, originating from the cryptographic service provider, to the card, 
and elementary responses from the card to the computer. Using this terminal, consisting of thee 
terminal module - computer + reader - coupled to their cant, a user can perform electronic 
transactions (electronic shopping, for example). 

Of course, access of users to a terminal of Ifits kind generates potential security risks. 

The more decentraiaed the appli^ Conversely, the better Ihe 

control of the risks at toe terminal end, tie more decentralised can the appfcations be. Consider 
purse type applications, for example, in which transactions (purchaser card debit/merchant card 
credit) are effected card-to-carrf, without requiring cansoidaton rf the transactions at the level of 
a centralised server. 

it follows from the foregoing tfecussbn that a terminal can potentialy contain a set of 
information (or even software) on whose confidentiality and integrity (he security of the 
applcatfon reies. Consider, for example, secret keys used to authenticate the terminal modifies 
vis d vis the card or to encipher data transferred between a server and the cant reader terminal 
module. An abuser with access to the terminal can analyse its operation and obtain access to 
the confidential information and software. 

Note also that the applications referred to here, such as otactronk, shopping and 
electronic mail, are usuaiy performed via the Internet Experts are wag aware thai a personal 
computer (PC) connected to the Internet is highly vulnerable to viruses which can be instated 
and execute on the user's PC without them knowing it and without them aOowing physical access 
to their computer to anyone at aM. The totaly invisible nature of this type of threat is the red 
danger currently imiting the deployment of transaction-based applications using the internet 
The same comments apply to electronic shopping applications on cable TV networks using set- 
top boxes connected to tie TV set and incorporating one or two smart csrd readers. 

The system level risks are then: 

•Attack on the integrity of the cryptographic service provider and the application 
service provider with the aim of modifying the behaviour of the terminal module: for example, the 
terminal module is modiied to capture information associated with the card and to store the 
informalon obtained for subsequent communication to a counterfeit server. This attack can be 
carried out unknown to the legitimate user (substitution of the user's terminal module or ban of a 
modified terminal module). This attack can then be generalised by circulating counterfeit 
terminal modules. 

•Attack on the confidentiality of the cryptographic service provider, with the aim of 
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obtaining to cryptographic keys they use, which are stored on to hard disk of a computer, for 
example. 

• Attack on otor cards, based on to abflity to autienficate the abuse visa vis otter 
cards by virtue of to secrets dfecovered by attacking the canfidentiaMy of the service provider. 

• Attack on the integrity and the conSdentlafity of communicaSons between to various 
entities (appficalton service providers, cryptographic service providers, integrated cfrcui card 
reader, integrated cfrcud cart, server) to break to chain of confidence established between 
these elements. For example! 

1 -dedpheririgcomrrijnkarticTO between server and terminals; 

2 - inserting tod party software bctwoon the appication service provider and 
the cryptographic service provider to break to chain of confidence between these two programs 
or fo substitute tor to appfcafcm software tod party software causing to security service 
provider to execute security requests with a different aon to that of the application known to to 
user. 

• Attack on servers (in to case of an on-line app ficaO u n) : connectio n of a counterfeit 
terminal to a server, emulation of a terminal rnorfulaAntegrated circuit card combination to obtain 
advantages. 

An attack on to chain of confidence between the cryptogr ap hi c service provider and 

to appfication service provider in the context of an application requiring an eiectronic fransaction 
using an integrated circuit card to be signed is llustrated hereinafter. The transaction proceeds 
as follows: 

- Step 1: verification of to personal confidential code (PIN) of the user, entered by to 
latter via a keypad associated with their terminal module, to code entered being sent to the card 
for verification by the latter. 

• Step2 : authentication of the terminal module. The latter sends a "challenge request* 
command (a challenge is a random or pseudo-random number). The integrated circuit card 
generates to challenge and sends it to the terminal module. The terminal moduie sends the 
card an •external agtonttcafion" command accompanied by a response consisting of the 
challenge enciphered by a key heid by the terminal module. The integrated circuit card then 
verifies to response received. 

■ Step 3; if steps 1 and 2 are executed satisfactorily, the integrated circuit card is ready 
to receive and to execute to signature corranand, Le. command of endphermerit using a secret 
key stored on tie card, of to result of a hashing operation performed on to transaction entered 
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by tte user. After this e nd p her me nt the cart sends to (he terminal module toe signature 
consisting of the result of Che hiding operation enciphered ki this way. 

If the Integrity of the apptication software (application service provider and its 
cryptographic service provider) is not assured, a hacker does not need to know the secret code 
5 and keys to pirate the transaction system; al that is necessary is to implant in the tannin ad 
module, for example the personal computer to which an integrated circuit card reader is 
connected, virus type software which In step 3 diverts the authentic data to be signed and sends 
falsified data to the card. Given that stops 1 and 2 have been executed in a satisfactory mower, 
the card wi ften sign the falsified data on the basis of the PIN foat the user has entered and the 

io user wfll bofiovo that the card is about to sign their own data 

The preceding example shows the necessity of protecting not only the confidential 
infoftnation used in the context of a tr ansa ction but also fre integrity of the transaction, le. the 
integrity of the behaviour of each entity involved in the transaction, together wtth the integrity of 
the behaviour of ai of the software, assuring thai the chain of confidence estabSshed between 

15 tie various entities is broken 

The rides of attack mentioned hereinabove are currently covered in part by terminals - 
integrated circuit card readers integrating security modtfes (SAM. simflartoan integrated drctf 
can!) used m the context of puree appticattons in particular. The reader is then personaKsad by 
a SAM and assigned to a merchant the cards read being those of customers. The SAM 

20 contains secret information and is able to execute algorithms using the secret information. 
However, it does not contain means for controlling communication with the user, wtth the 
integrated circuit card and/or with external electronic means, and for this reason the security of 
tra n sac tio ns is not assured. 

Document WO 9S&4328 discloses a terminal module comprising user interface means 

25 and interface means to external electronic means (hereinafter called external interface means) 
including an interface with a rrucrocircuit card. The microprocessor of the termini module 
comprises data storage means (ROM, EEPROM, RAM). The data stored in permanent memory 
(ROM) includes an operating system, managers of external components controOrtg the 
interfaces and peripheral devices, and an interpreter capable of interpreting program modules 

30 written in a specific language. The program modules are stored in tte semipermanent memory 
EEPROM and can be loaded into temporary memory RAM to be executed by the mi cr op rocessor 
on activation of an appropriate interface by the user. The program moduies corresponding to the 
applications of the terminal module are downloaded into tie EEPROM of the microprocessor or 
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into a mjcrodrcui card from an external server. 

The terminal module of document WO 96/04328 can operate: 

• in autonomous terminal module mode, the microprocessor of the terminal module 
executing a program module stored In an internal memory witoout caftng on an Integrated circuit 
card; 

• in autonomous termhai mode, in which a program module stored on a card is 
executed; 

-In extended terminal mode or on-few mode, in which the microprocessor of the 
terminal module or that of the card executes a program module and communication is 
established via the telephone, a modem or a direct connection to a service provider or a server, 
and 

- in transparent memory card reader mode, in which Instructions received over a send 
ink are sent directly to the cad and vice versa. 

The terminal described in document WO 95/04328 does not deal with security 
problems addressed by the mvention m that them is no description of how to secure a 
transaction to guarantee the integrity of the behaviour of all of the software executing (he 
transaction, to particular there is no description of means for executing high-level requests 
issued by the appfoation or how to guarantee the source, the integrity and the confidentiality of 
such means. 

The present invention aims to provide a terminal tor carrying out secure electronic 
transactions of the type comprising a personal security device such as an integrated droit card 
or other device furWtng the same functions and a terminal module provided with means of 
interfacing the personal security device , such as an Integrated circuit card reader, and offering by 
virtue of its software andtor hardware architecture and toe security mechanisms that it includes 
an enhanced level of security compatible with the fad that the terminal can be under the control 
of users (as opposed to terminals under toe confrol of toe operators). 

A second objective of tie invention Is to assure this same level of security whSst 
enabfng integration, during use, of new functions or applications, or modffication of existing 
functions or applications without having recourse to a muttitiide of different terminal modules and 
without changing terminal modules to effect such modifications. 

To this end, toe invention consists in a terminal for execution of secure electronic 
transactions by a user in conjunction with at least one appfcation instaled on an electronic unit 
said terminal comprising: 
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- a terminal module Induding at least 

*twsl interface means w& said application for receiving from ft requests 
relating fo said transactions, 

* second interface means with said user; 

* third Interface means with a personal securfcy device, 

*fte data processing means co mpri si ng at least first software mem for 
controBng said interface means, &id 

- a personal securfty device including at least second secure data processing mem 
comprising at least second software means for execuing elementary commands and means for 
executing cryptographic computations, 

characterised in that 

-said terminal is adapted to receive said requests from said appficabon totalled on 
said electronic unit in the form of high-level requests independent of said personal security 
device. 

- at least one of said terminal modute and said personal security device comprises: 

* at least one programmable memory for storirig at teast one ftter program for 
translating said high-level requests into at least one of either (0 at test one command or a 
sequenced elementary ^ con«aidsioti)eteg e)cecuiad by said seoc^ software means of said 
second data processing means, or (I) at least one sequence of date exchanges between said 
terminal modute and said user via said second interface mews, said data exchanges being 
executed by said frst software mem of said first data processing means. 

* means for protecting said fitter software to prevent an unauthorised person 
reading and/or modifying said software, and 

-at feast one of said first and said second data processing means comprise a date 
processing device for executing said fitter program. 

The invention defined hereinabove achieves the security objectives required for 
carrying out electronic transactions by virtue erf the fact that ft describes a titer or ftrewaT 
between the external wortd. I.e. the a ppl ication s themselves, and the security means and 
peripheral devices that it controls, by means of a logical interface defining the format of high- 
level requests issued by the applications and of a translation software for processing these 
requests. 

The terminal of the invention preferably comprises one or mom of the following 
features, posstoty in combination: 
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-said device for executing tie liter program comprises first means for identifying 
and/or authenticating said appicafon hstefied on said unit or the source of sad requests sent by 
sara appacason, 

• said data processing device for executing said filter program comprises means for 
verifying the integrity of data received from said appftcation , 

. said date processing device lor executing said filer program comprises centrafised 
means for controing conditions of use of services of the personal security device in accordance 
with said apptcation and/or foe user, 

- said data processing device for executing said filter program comprises: 

* means for commanding secured foacfing of said Star program info said 
programmable memory via said first or said third interface means from an entity external to said 
module, and 

• first access control means for authorising said bacfing of said filter program 
only in response to at least one predefined condRfon, 

- the terminal comprises second means for authentication of said first data processing 
means by said second date processing m e ans , 

- the terminal comprises third means for authentication of sakj second date processing 
means by sakt first data processing means, 

-the terminal comprises a first communication channel between said first date 
processing means and said second data processing means and first means for securing sad 
first communicafon channel, 

- the terminal c omp ri ses fourth means for authentication of said terminal module by 
said user, Independently of said card, 

* said fourth authentication means comprise means for calculation by said first Ma 
processing mem and for presentation to said user via said second interface means of a 
password known to said user mi computed on the basis of a first secret parameter stored in 
said fast date processing means, 

- the terminal comprises fifth means for conjoint authentication of sad terminal module 
and said card by said user, and 

~ said fifth authentication means comprise means for computation by said device for 
executing said ffiter program and for presentation to said user via said second interface meats of 
a password known to said use and computed on the basis of at least second and third secret 
parameters stored respectively in said first date processing means ami said second data 
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processing moans. 

In a feat embodiment of the invention the terminal module is a personal computer and 
sad programmable memory is the had cfisfc of said computer, said fitter software Is executed on 
toe personal computer, or in a second mode of execution said programmable memory is on a 
5 secure server connected to the personal computer, the part of the fftar software to be protected 
being executed on said secure setver. 

In a second embedment of the invention the terminal module ts a device such as a 
dedicated integrated circuit card reader, in which case said personal security device is an 
integrated circuit card or a personal computer. This embodment differs from the preceding one 
10 hi that said programm able memory is integrated Into a secure microprocessor, sad fitter software 
being executed In said secure microprocessor. The dedicated terminal moduie can be portable. 

Depending on the mode of exec ut io n of this second embodiment of the Invention, the 
programmable memory for loading ml storing the ffltar software can be in the personal security 
device or in the terminal module. In the latter case: 
15 - the terminal module can Include a single microprocessor for executing the titer 

software and for controling the interfaces or two micro processors respectively implementing 
these two funcSons ; 

- preferably, said fiHer program comprises at tost one secret parameter, and said 

second data processing means comprise second means of conditional access control for 
2 o authorising execution of sad cryptographic computations in response to elementary commands 
generated by said filer program only if at least a second predefined condition depending on said 
secret parameter is satisfied. 

According to other features of tie Invention, when the terminal moduie co mp ri se s two 
microprocessors for executing the fitter software and for controlling the interfaces : 
25 -the terminal comprises a second communication channel between said first software 

means for controlling the interface means and said microprocessor and second means for 
securktg said second communication channel ; 

* said second securing means comprise means for encryption and decryption, by said 
first software means for controlling the interface means and said second microprocessor, of data 
30 sent on said second commumcaton channel on the basis of at least a fifth secret parameter 
stored in memory on said storage means ; 

- said second securing means comprise first physical means for piutoc ti ng said second 
communication channel against intrusion. 
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Various emboAnente of the invention vaI now be described with reference to the 
accompanying faming*, in particular embodiments in which the iter software ts baded and 
executed In the terminal to guarantee Its source, Its esnfidenfoffiy and its integrity, the software 
being also able to aufrenfcate the source of requests sent to it If confidence in (he interfaces 
with he user, Le. the screen and the keyboard, cannot be guaranteed. 

-Figure 1 is a diagram showing the functional architecture of a system for carrying out 
secure t/an s adjun* by means of a terminal in accordance wtti the invention; 

- Figure 2A shows a first embodiment of the invention in which the terrain* is a 
personal computer connected to an integrated circuit card by a reader, the application being 
instated on the personal conqniter or on a remote server 

- Figure 2Bexpia)rts to furrtior^ 

the Invention En which the personal computer serving as a terminal is connected to a security 
server or which the fBter software is instated; 

-Figure 3 shows a transaction system using a terminal constituting a second 
embedment of tie invenfon, which can be a defeated product connected as a peripheral 
device to a personal computer or dtrecdy to a server or based on a personal computer, 

• Figure 4A is a biock diagram of the hardware architecture of the electronic circuits of a 
first mode of execution of the terminal from figure 3; 

- Figure 4Bisa bnctionai tfiagram Wustrating a first software architecture configuration 
of the terminal from figure 4A; 

- Figure 4C is a functional diagram similar to tut of figure 4B showing a second 
software architecture configuration of the terminal from figure 4A; 

- Figure 5 is a block cSagram of the hardware architecture of the electronic rircute of a 
second mode of execution of the autonomous terminal from figure 3; 

- Figure 6 is a block cfiagram of the hardware architecture of the electronic circuits of a 
third mode of execution of the autonomous terminal from figure 3; 

-Figure 7 is a diagram Iustrating the conventional software architecture of a 
microcircuft card; 

-Figure 8A is a diagram ihistrattog the software architecture of a transaction system 
comprising the terrranal from figure 4A; 

-Figure 89isa diagram iustrating the software architecture of a transaction system 
comprising the term&ial from figure 6; 

- Figure 9 is a diagram Iustrating the i mp lemen tati on of an el e ctronic trading 
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appQcabon by moans of a system in accordance with tie invention; and 

-Figure 10 is a flowchart showing the process of downloading a program Mo a 
reprogrammable memory of the terminal module torn figure 4A or figure 5 or of a rricroctrcuK 
card connected Id tie latter. 

Referring to figure 1, a system for carrying out secure transactions comprises a 
terminal module 1 for reading an Integrated circuit card 31 or the ice. The terminal module 1 
comprises a Her F consisting of a software module processing high-Jevei requests issued by 
appfcafon service providers FAp external to the terminal modute 1 by means of a logic interface 
F-APl and user in te rfaces such as a dteptey screen 4 and a keyboard 5 enabling a user to read 
and enter date, tt also comprises a reader or other ccror^ 

card or any equivalent security device personal to the user of the token, 'Java Ring* (from SUN), 
"Button* (from Dallas Semiconductor Corporation), or soft token type and communication 
interfaces with at least one application service provider FAp which can be instated on a PC 
and/or on a server Sap, lor example, date then being exchanged via a date communication or 
telecommunication network R. 

The terminal module 1 can be a dedicated terminal or integrated into a PC or into a 
network computer (NO dedicated to network app fc a Bo ns or into a cable TV network decoder 
(Set Top Box). 

The terminal module 1 can perhaftt be used in autoromotis mofe^ 
information such as the contents of an electronic purse contained in a memory of the card 31. 

To cany out secure transactions the terminal module 1 can be used orvine to a server 
Sap or off-fine, the application FAp then running tocafly, for example on tie PC: this is the case 
when, for example, a user must sign an electronic ma! message or transactions that wtt be sent 
to an addressee. An operation of this kind does not imply connection to an appication server at 
the time when the card 31 is used. 

in on-fine mode, as represented in figure 3 in the case of a dedicated terminal module 
1, the latter can be connected to the server Sap on which the appication FAp is installed via the 
PC and a network R such as the Internet or through the intermediary of the telephone network R 
via a modem MO or a DTMF Knk with a telephone handset CT. Some transactions, such as 
retoacfing an electronic purse in the card 31, can necessitate bidkectonai exchange of data with 
the server Sap and are therefore more ergortomic in on-fne mode. 

Canying out a transaction secured with a termnaJ modute 1 and a card 31 impies that 
high-level software requests (for example: requests for signature, authentication, etc... which 
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must be processed so as to meet the required security objectives of the application program) wl 
be sent from tie appfcatton program instaied cm tte server Sap fc™ 
the PC or NC avaflable to the user (off-ine mode, for example signing of electronic mafl) k> the 
liter F controfflng the security means. The fitter F processes these requests by mem of 
translation software to assure that the application or virus type software cannot have dred 
access to the cryptographic functions of the integrated circuit card 31. The processing of the 
higWeveJ requests includes translation of these requests into an elementary command or a 
sequence of elementary commands which are executed by the personal security device. The 
high-level requests are formulated Independently of the software and/or hardware design of the 
personal security device, i.e. they are not formulated as a direct function of the personal security 
device. 

The high level requests contain information specifically related to the process that wD 
be executed by tie fitter F. In a simple example, a high level request can contain a single 
oto ine nta iy command to be transferred to fte personal security device, tor example, an APDU 
(AppOcafon Protocol Date Unit) in the case of a smart card, attached to a Message 
Authentication Code that wil enable the filter F to Check the origin and integrity of this request 
before senting the elementary command to the personal security device. In a more complex 
example such as a request to sign a document, tie high level request wit be transformed by the 
ttter F into a sequence of elementary commands sent to the persona) security device and 
eventuafy to the user interface. Thus, according to this detrition and due to the fact ftat it 
contains specific information to be decoded by the iter F Independently of the persona* security 
device, the Wgh level requests wi be said to be irutependentoftr^ personal security device. 

The fitter F meets the security objectives required in that the translation software that ft 
includes verifies the Identity of the appication issuing the service requests (or the source of 
requests cfirectiy) and is installed in a manner that guarantees the integrity and the confidentially 
of the operations and data used to respond to service requests. 

A translation software is configured for one type of mtcrorircuft card and translates a 
hlgb-tevel request received from application software into an elementary command or a 
sequence of elementary commands that can be executed by the microcircuit cards and/or a 
sequence of exchanges of data with the user. 

The high-level requests art a list of commands used by the application programs to 
invoke the security services needed to identify and authenticate the person performing the 
tran sa ctio n ami to guarantee the source, me integrity and where appfcable non-repudiation of 
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the transactor*. A high-level request from an appication (on a server or on the PC or NC] can 
be charactonsed by one or more of the following points '. 

-it is independent of the basic means (cryptographic means, for example) used to 
respond to Is request and contains specific in for ma tio n to be processed by the titer F. 
Reciprocally, a pkirafity of appfca&ms can use the same security service provider, employing 
the same logic interface F-API defining these requests. 

-the processing of the request inks foe transaction in a certain manner to tie user 
performing the transaction by means of at ieast one fixed or variable secret parameter stored in 
by the Integrated drcuft card of the user. 

-it can include information enablng the titer software F to verify its source and its 
integrity. Authentication can use a Message Authentication Code (MAC) or a code of the 
electronic signature type associated with the request 

- if the transaction is not entered by the user on ihe terminal module Hsetf , the request 
can contain the information needed for the user to verify the essential data of the transaction, if 
required and if the terminal module supports this option. 

The logic interface F-API for exchanging high-level security requests between the 
appfication and toe translation software of the filter F can be standardised so that it is common to 
do pant a pftojpjLPJggnjn^ used bf^an 

electronic ma§ appication aid by purchasing software. It is therefore possible to change the 
appication whist retaining the security service provider or vice versa to replace the security 
service provider without changing the appfication. 

To guarantee the integrity of the chain of confidence between the application and the 
card, ihe translation titer software F identities and even authenticates the source vtd the 
integrity of requests that it receives. Various msfoods are feasible for identifying the application 
issuing the requests: 

- an identification code can be integrated into the request itself aid then verified by the 
filter software using information that it contains or that can be stored on the integrated circuit 
card; 

-the same objective can be achieved by comparing the result of a hashing operation 
executed by the filter software on the appfcation software issuing the request with a result 
previously stored on the card, for example. This solution is particularly suitable for the situation 
in which the appfcation is instated on the user's PC; 

- authentication can equafty be performed by associating wfth the request a MAC 
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catenated from fie content of fa request and a secret key shared between the a p pfica fan and 
tie filter software. An equivalent principle can be used with a signature on the request 
calculated wHh the same Information and a private key known to the appfca fon, the signature 
being verified wtth the corresponding public key known to the filer software. 

Rgure 2A explains a first embodiment in which the terminal module 1 is a PC 102, the 
connection to the integrated cfecuft cant 31 emptying a leader €co^ 
tie PC 102. The PC 102 includes input/output interfaces 102a to the reader 6 ml the server 
Sap. DepemSng on the nature of the reader connected to the PC, the user interface 
components can be the keyboard and the screen of the PC Itself or a keyboard and/or an LCD 
dfep&y on the reader, for example, tn ftis e m bo di ment the filter F Is Instated and executes on 
the PC 102. The fitter F, and therefore the translation software that it contains, can be stored on 
the "hand disk (HD) 102b of the personal computer 102 To execute on the central processor unit 
or microprocessor 102c of tie PC, the fitter software is loaded Into tie random access memory 
(RAM) 102d of the personal computer 102 

Because the hard disk of a PC ts difficult to protect, the filter software For at least the 
sensitive part of this software can be encrypted. For fa purpose H can be divided into at least 
two modules: a badtrg/decryptmg module Fed and a second module corresponding to fa 
encrypted filter software Kserf. The ftst module enables fa second module to be loaded into 
RAM, decrypted and then executed. Referring to figure 2A, fa software module when 
decrypted and loaded into RAM is denoted Fdec. 

Programming languages ice Java, with security mechanisms intrinsic to fa language 
Itself, strengthen fa protection of fa software. 

Another method of verifying fa integrity of fa Mar software Is to have fa second 
module signed by an authority guaranteeing tie content of fa fitter software by means of a 
private key that is kept secret by fa authority. The first loading module then, at fa same time 
as performing the decrypting operation, performs a hashing operate! on the second module md 
verifies fa signature of this module using fa public toy associated with fa private key of fa 
aufarity. 

The operations described above imply fa use of keys on which fa security of fa 
application refies. These keys can be concealed in the loading modufe, stored in the reader 6, or 
stored on fa Integrated circuit card 31 Itself. Another possibility is to jnsial fa decryption and 
integrity verification module in the reader 6. 

The object of the invention is to prevent a pirate from using the mtegrated circuit card of 
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a user without their knowledge, for axsnpie by modifying tie liter software controlling tie caul 
or the application software, or by loading a virus to bypass the applcation or the titer software. 
Tha embodiment described previously and its variants address fries© risks, by enabling 
verification of: 

- tie integrity of the fitter software, and 

-the source and the integrity of commands sent to the card via the reader 6, by 
authenticating them using a MAC, for example. The MAC can be verified by tie reader 6 or the 
card 31. Equivalent protection could be obtained by encrypting the dialogue between the titer 
software and the reader 6. A virus at te mpt! i g to bypass the filler software would then send 
unauthenteatad or incorrectly encrypted c om mands to tie reader 6 or to the card 31; these 
commands would therefore be rejected by the reader or tie card, preventing the vims from 
achieving its aims. To prevent a hacker from determining the keys used by a terminal by 
analysing the operation of another terminal, tie keys used by various terminals must be 
diversified. 

The encryption and signature mechanisms that can be considered to address the need 
to protect the fitter software are wol known to the sklied person and are based on existing 
cryptographic techniques as described, for example, in "Appied Cryptography, Protocols, 
Algorithms, and Source C ode in C* b y Bruce Sc hneier. John Wiley and Sons, trie 1994 Mti bt 
this reason wtt not be descrfoed in detal here. 

Instalfing tie liter software on a PC cannot guarantee the same ievef of security as 
installing It in a dedicated terminal that cm offer additional hardware security mechanisms as 
used in tie other embodiments described later, these mechanisms offering physical protection of 
the fitter software and the secrets that it contains. 

Figure 26 shows one variant of the figure 2A embodiment This variant exploits the 
flexfoitity and the ease of connection of a personal computer to a networlc This enables part of 
the liter software, and in particular the secrets, to be held by a secure server Ssec. 

In figure 28 the filter software Is divided into two software modules, a module F-PC 
instated on the PC 102 and a module F-SE instated on a security server Ssec The 
programmable memory previously referred to and storing the filter software is therefore in tie 
secure sever Ssec In this variant, i.e. out of reach of unauthorised users. Likewise, the filter 
software or at least tie sensitive part of the filter software F-SE requiring protection executes on 
the secure server Ssec. 

The software module F-PC instated on the PC 102 Is connected by a secure channel 
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CS to the security server Ssea The secure channel is an encrypted communication channel for 
exchanging protected data between the two liter software modules F-PC and F-SE and possibly 
reciprocal authentication of the two modules F-PC and F-SE The secure channel can use wel- 
known commurication protocol such as SSL, for example. 

Setting up this secure channel CS therefore enables the first filter software module F- 
PC to send to the second fitter software module F-SE requests received from the appScaion FAp 
via the logic interface F-API together wft information concerning identification of the a ppi ca tion 
issuing these recasts. After verifying the information relating to the application, and dependng 
on the app&cation and possibly on rights of the user* the second software module F-SE then 
translates these requests silo a series of commands to the microchip card 31 and tor centreing 
excha nges of date with the user. The commands generated by the module F-SE are then sent 
to the list module F-PC which routes toem to the element concerned: the PC fteetf to the case 
the commands contro ffi ng exchanges with the user or the Integrated circuit card. For toe 
commands corrtrofltog exchanges with the user to execute on the PC, the latter must Include an 
Interpreter software module 1. The interpreter software enables dbptey of messages on the 
screen 4 and input of information by the user via toe keyboard 5. The interpreter software 
module Is descrtoed in more detei In connection with figures 4B and 4C. 

Thte eecxxto the 

first mode of execution (figure 2A) insofar as the identification of the application (hashing or 
signature, for example) and pro tec tio n of commands sent to the card (addition of a MAC, for 
example) are concerned. On the other hand, ft crffm an enhanced degree of security Insofar as 
the fitter software module F-SE translating high-level requests received from toe appication FAp 
executes In a secure environment. In the context of the Invention the server Ssec is deemed to 
be secure If i is not accessible phyaicdty or logically (U. via a network connection) to 
unauthorised persons. 

The second mode of execution shown in figure 2B is suitable for applications employed 
in a dosed or private environment controlled by a central authority, as It necessitates a protected 
server administered centrafly. This second mode of execution also offers the fadfty to define a 
centraised policy of access to cryptographic services offered by the integrated circuit card. This 
access policy can be based on appications requiring the services of the card and on the users 
themselves. In the case of a business issuing its employees or customers integrated circuit 
cards enabling them to sign electronic mail and b&iking transactions, It cam assure that only 
authorised users can sign: this mechanism can be implemented using the secure channel CS. 
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For each signature request issued by one of the ap0^^ 

(tie electronic mal program and the bank transaction software), the software module F-SE wiB 
execute a request for authentication of the user. This request can be executed, for example, by 
semfing a random number (chatonge) to the card 31 via the secure channel CS. After the user 
enters their confidential code, the integrated circuit card calculates a dynamic password by 
encrypting the chalenge using a secret key thart I holds. The password is then sent via the 
secure channel CS to the software module F-SE. Knowing the user and therefore the secret key 
held on their card, the software module F-SE compares the password received with the 
password expected. This mechanism, known as challenge-response mode authentication, 
enables the software mod\M F^SE to vafidate the user's identity. Thus the business that has 
Issued the integrated circuit cards to the users can assure that only usere who are stffl authorised 
can Islgn bank transactions, for example. 

By virtue of the secure and centralised means that It represents, the server Ssec 
enables not only secure tnstaftatkm of the fitter software F-SE but aito the facility of totftufng a 
centralised poficy for controlling use of security services offered by the integrated circuit card. 
The server Ssec enables a centrataed poflcy to be instituted by virtue of the fact that the sane 
server can be connected to a plurality of software modules F-PC instated on the person^ 
computer* of a plurality irf definition and control 

of the concfflkms of use of security services offered by the cards issued to the various users in 
accordarrawiththeprofiteofthea 

instituting Ms centralised poftcy impfies the server holding the necessary information, I.e. the 
rights of users to us* a particular security service in connection with a particular appticaion. 

This second mode of execution (figure 2B), well suited to private environments, is 
difficult to apply to open applications where a secure central server Ssec is not feasible. 

Figure 3 shows a terminal module embodying functional architecture principles similar 
to those of figure 28 in a different embcxfment requiring no centralised server. The terminal 
module in the second embodiment of figure 3 has a very high level of security, enabling it to 
assure local protection of the flter software F directly. 

In figure 3 one face of the terminal module 1 which can be a portable unit, carries the 
display screen 4 and the keyboard 5 and the unit contains the electronic circuits, which are 
preferably not accessible from the outsida. The module 1 contains the reader 6 and has an 
opening for inserting the mkroctrcuit c»d 31 into the reader 6. The mode of execution described 
wNh reference to figures 3, 4/\ 4B and 40 must not be considered as limited to a defeated 
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terminal. The following description appfies to a PC-bssed or NObased terminal. 

In a fast mode of execution, shown in figure 4A» of this second embodiment of the 
terminal ntoduie of figure 3, the steUjmifc circuits of ttw terminal module 1 are based on a 
standard mfcrocorrtrofler 2 and a secure microprocessor 3 which are interconnected and 
permanently installed in the module 1 . As an attemathre to tois, the microprocessor 3 can plug 
into the modirie t by means of a connector 41 shown in das hed fine in figure 4 A. This 
description covers a generic mode of execution based on a standard microcontroller, to a 
particular mode of execution that wil be descrtoed later the microcontroier 2 can be a PC 102 of 
the type shown in figure 2B. 

The standard m ic rocontroller 2 comprises a proc esso r unit 2a, temporary memory 
(RAM) 2b and permanent memory (ROM) 2c It is preferably a "monochip* microprocessor the 
software of which is mask-programmed in the permanent memory 2c and which integrates into 
the same integrated circuit standard interface management or oontrol means, the proc es sor unl 
2a, the temporary memory 2b and the permanent memory 2c. 

The interfaces or peripheral devices managed by the microcontroller 2 include the date 
display screen 4, for example a Iquid crystal (fisptay, fce keyboard 5 for entry of data by a user, 
the m tero dr cuft card reader 6, an external co nn ect io n interface 7. for example of the RS 232 or 
PCM-C1A type, an infrared link interface 8 and a DTW device 9 for sending data over a 
telephone ine. 

The components of the module 1 also include a clock 10 and an electrical power 
supply 11 for the various circuits and components of the module 1. The electrical power supply 
11 can be a battery power supply* the module 1 is portable and autonomous. 

Tim task of the standard mteocorrfrotter 2 is to manage the environment, Le. to control 
the interfaces 4-9 and the dock 10 together with the power supply 11 for selectively energising 
the secure microprocessor 3 in the case of an autonomous module 1. 

The standard microcontroller 2 therefore requires Iffle computing power, Jtte 
temporary memory (RAM) and no semipermanent memory (EPROM OR EEPROM). The 
microcontroller 2 is write protected by virtue of the fact that programs (interface control and, as 
described betaw, interpretation, management of docks and electrical power supply, etc) are 
mask-programmed in the permanent memory 2c. As wil become apparent hereinafter, the 
standard microcontroller 2 can also contain one or more secret parameters on the basis of which 
it can be authenticated by the secure microprocessor of the terminal module and/or of an 
integrated circuit card. The secrets must therefore be protected against reading and writing. 


CA #2330534 2S00- 11-27 

20 

They am preferably stored in the temporary memory (RAM) of a "monocfcsp" m k jo pr oca ss or 
which cannot be written or read from the outside. The standard moixontroAer 2 can ate have 
additional security functions, for example to prevent fraud such as display of data different to that 
coming from the micro processor 3. 

tt is therefore of tow cost and consumes little etectrteat power, which is particularly 
suitable for a portable product The microcontroller can be art OK) MSM 63180, for example. 

There are preferably tm docks 10: a low-frequency clock 10a, for example a 
32.368 kHz dock, and a high-frequency clock 10b t fx example a dock at 1 MHz to 12 MHz. 
The mfcrocontrotter 2 commands the connection of its system dock to one or other of these two 
docks. 

The stow dock 10a times a timer 2d of the mk*ocontrolef 2 with a period of 0.5 s to 
provide a real time dock In the module t. The processor unit 2a can aiso use the stow dock 10a 
for functions that do not require high calculation speed: in this case the system dock of tie 
ntaooontrotter 2 is connected to the slow dock 10a and the tot dock 10b is slopped. This 
mode of operation reduces the electrical power consumption of the module 1 which is 
ad vantageous tf it is portable and battery powered. 

The microprocessor 3 which ts read and write protected indudes a cenM processo r 
unH 3a, a temporary menwry (RAJ^ ^ 

etodricafty reprogranrtmabie semi-permanent memory (EEPROM or Flash RAM, for example) 3d 
for storing the application programs of the module 1. 

The secure microprocessor 3 is of the type used in mfcrodreuit cards and has a limited 
number of inputs and outputs, its Internal buses being haccessfcie from the outside. It is 
manufactured with other security mechanisms specific to this type of microprocessor and wed 
known to the skffied person, such as security matrix, memory scrambling, clock frequency 
control, reset control, etc mechanisms. 

Because the microprocessor 3 has a semi-permanent memory 3d It is possfcte to toad 
one or more application programs kite it from the outside, tor example from a server or from a 
micrcwrcui card. It is therefore possible to modify me appBca§on(s) »n accordance with 
requirements (access control, finandal and/or commercial transactions, electronic purse, etc) for 
which the module 1 is intended. If the size of th« semi-permanent memory 3d aitows It it is aiso 
possible to install new applications during its use. 

Depending on the version chosen, the secure microprocessor 3 can compute 
cryptographic functions requiring large-scale computations embocSed to RSA or DSA type 
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a s ym mafr i c algorlttwis or use simpler atgon^ms, for example DES type algorithms. 
Trwsecum microprocessor 3 can be, for example: 

- a SEMENS SLE44C160S rrorwayptographic rrfcn>processor, wrth 14 kbytes of ROM 
and 16 kbytes of EEPROM; 

-an SGS THOMSON ST16CF54A cryptographic micro-processor, wrth 16 kbytes of 
ROM, 4 kbytes of EEPROM and 460 bytes of RAM; 

• a PHHJPS P83C858 cryptographic microprocessor with 20 kbytes of ROM and 
8 kbytes of EEPROM. 

The secure microprocessor 3 is connected by the Ink 12 to the standard 
mfcroconfroler 2 and by inks 13 and 14 to the external interface 7 and to the mtaodrcuft card 
reader 6 via respective swttehes~intartoce adapters 15 and 16. The switches-interface adapters 
15 end 16 are controlled by the standard mkrocorttrofer 2 via respective Bnks 17 and 18. 

The standard rracrocontrofler 2 comprises an interpreter program 20 (figs 4B and 4C) 
stored In the ROM 2c and enabling tt to execute commands generated by the software for 
translating high-level requests forming part of the appfcation or program(s), as described 
herein after. The interpreter 20 enables appicatfon programs stored in the secure 
microprocessor 3 to control the Interfaces 4-8 via the Ink 12. The application programs can 
nevertheless be located and executed elsewhere than In the secure microprocessor 3, for 
example on a microcircuit card 31 inserted into the interface 6, for example a card supporting 
mechanisms for downloading and executing appfcatiorts as deserted in French Standard 
NF EN 726-3, the title of which translates as "Integrated circuit cards ml terminals for 
teteoommuntoations. Part 3: Specifications of the card independent of the appfcations". 

Depending on he security rates to which they are subject, the a ppfl cafon programs 
can also be divided between tiese various locations. 

Figure 48 is a functional diagram showing a first software architecture configuration of 
the module 1 from figure 4A in which afl application programs A1, A2, .... An and security 
functions (condensate computations, symmetrical crypfographb algorithms such as DES or triple 
DES, asymmetric crypto gr ap hi c algorlfims as proposed by RSA) are implemented in tie secure 
microprocessor 3. 

The applications denoted A1, A2 An hereinabove and in the remainder of he 

description comprise at least tie filters F1, F2 r .... Fn and thus in particular the software for 
translating requests from tie application service providers) FAp forming part of the main 
appticafon 54 (figure BA). 
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The standard microcontroiJer 2 manages the environment usfrtg various feriterfaoe 

drivers; 

- a driver 21 for the microdrcurt card reader a interface 6; 

- a driver 22 for the serial Ink interface 7; 

- a driver 23 far the keyboard 5; 

- a driver 24 for the infrared Br* interface 8; 

- a driver 25 far the display 4; 

- a driver 26 for the dock 1 0 and the pov*er supply 1 1 ; 

- a driver 27 tor the DTW interface 9; and 

- a driver 26 for other interface*, assuming that the module 1 includes one or more 
Interfaces other than those represented In figure 2. 

The secure microproc ess o r 3 can therefore control the interfaces by means of 
commands which are interpreted by tie interpreter 20 ami moiled by the standard 
microco n tro ll er 2 using the drivers 21-28, 

Figure 4C shows a second software configuration of the module 1 from figure 4A in 
which one or more ap pication s Ax and one or more cryptographic functions Sx are stored in a 
reprogrammable memory 30a of a secure microprocessor 30 of a microprocessor card 31. 
When fte cart 31 is inserted into the reader 6, the m i cro pro ce ss or 30 executes the applications 
Ax and the cryptographic functions Sx. Other appfications and security functions can be resident 
in and executed by the secure microprocessor 3 of the module 1. For ex&npte, the 
microprocessor 30 of the card 31 can assure an eie diunL signature function assuming that the 
secure microprocessor 3 does not include a dedicated computation processor (cryptoprocessar). 
Redprocafly. If the secure microprocessor 3 includes a cryptoprocessor. it is possible for an 
application on the microcircuit card 31 to invoke cryptographic commands of tie module 1 that 
wiB be executed by the secure microprocessor 3. 

In this second configuration, which otherwise is identical to that of figure 4B, the 
interpreter 20 has the same rote relative to the m icrop rocessor 30 as it has relative to the secure 
microprocessor 3. Thus the module 1 can execute different appScatkxts according to the type of 
microdrcult cad 31 inserted into tte reader 6, for example: 

- authentication of the user In the context of a banking transaction (balance enquiry, 
transfer of funds, etc) effected via a telephone ins by means of the DTMF interface 9; 

♦ electronic purse balance enquiry or reloading from the module 1 when a mkrocircutt 
card 31 used as a purse is inserted into the reader 6. The module 1 offers the faciity to manage 
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several dMferwit purses.* bank puree, purse specific to an institution, tor exanple; 

• reading 8 medical dossier on 0 reedtc&f card; 

• reading loyalty points on a card on which loyalty points are awarded to a consignor 
according to purchases made, participation in customer loyalty operation, ate. 

The mode of execution described hereinabove with reference to figure 4A and the 
software configurations shown in figures 46 and 4C likewise apply to a terminal based on a 
conventional PC addffionatfy equipped wfth a secure microprocessor 3. In this mode of 
execution the mta ocontroter 2 corresponds to the PC 102 as shown in igum 2A, the processor 
unit 2a corresponds to the microprocessor 102c of the PC and the RAM 2b and the permanent 
memory 2c respectively correspond to the RAM 102d and tie hard disk 102b. likewise the 
inputs/outputs 102a of the PC correspond to tie interface modules 7, 8 and 12 of figure 4A. The 
connection between fee secure microprocessor 3andthePC102canbea serial or paralet fink 
or a connecfion to the PCMCIA type internal bus of the PC, or a direct connection to the PC 
motherboard. As an alternative to this, the secure microp r oce sso r 3 cm be fixedly or removably 
(via the connector 41} integrated with the PC keyboard. 

in this case the interpreter software module 20 and the peripheral driver software 
modules 21 through 28 are installed on and executed on the PC. The function^ architecture of 
this mode of execution is equivalent to that shown in figure 2B, the interpreter module 20 
installed on the PC assuring the same rote as the interpreter module I from figure 2B: H executes 
commands for controlling exchanges with the user received from the filter software F which is 
instated in a secure manner in tie m i cro p roc es sor 3 (Figure 4B) or the integrated circuit card 30 
(Figure 4C). 

The figure 5 diagram fostrates a second mode of execution of a second embodiment 
of the invention in which the electronic circuits of the terminal module 1 are based on a single 
microcontroler 29 replacing the microcontroler 2 and the microprocessor 3 and offering the 
same type of physical and logical protection as the microprocessors designed for integrated 
circuit cards. This microconfrotter drives afi the interface means 4-9 of the terminal module. It 
includes a processor unit 29a, a temporary memory (RAM) 29b, a permanent memory (ROM) 
29c and a semi-permanent memory (EEPROM) 29d for storing the tr an slato r software. The 
processor unit 29a corresponds to both the data processing unit 2a controHtog the interfaces and 
the processor unit 3a for executing the translation software. As previously, the terminal module 
1 can be based on a PC 102 to t>e internal bus of which is connected a secure microcontroller 
29 contrctfng the display screen 4 and the keyboard 5 of the PC (firecty. 
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In cm variant the memory in which tie software for translating high-level requests is 
stored, volarJe RAM with backup power supply or semi-permanent memory (EEPROM or Rash 
RAW), can be external to the microcontroller 29. tn this case the translation software cro be 
encrypted and signed or protected by a message authentication code (MAC) to assure its 
integrity and ri confidenSaifty. The software is read by the microcontroller 29, decrypted and then 

In a third mode of execuion represented In fgure 6 of tie second embodiment of the 
invention the terminai module 101 has no secure microprocessor 3. In figure 6 the sane 
reference numbers as in figure 4A denote the same elements. Themk70Gontroler2a)ritotothe 
interface 6 and the swflcb-adapter 15 lor connecting tie secure microprocessor 130 of a 
programmable microdrcuit card 131 In the interface 6 with the externa! ink interface 7. In this 
cas6 aB of tie applcations A and the cryptographic functions C are stored in a semi-permanent 
memory (EEPROM or Flash RAM) 130a of the secure microprocessor 130 of the ptogranwnabte 
mfcrodraAcaid 131 and implemented by the latter as described with reference to figure 4C in 
respect of the appfcafons Ax and the cryptograpfifc functions Cx. 

tn the examples described previously, for simpfcity, the microprocessor 30, 130 of the 
integrated circuit card and the secure microprocessor 3 possibly incorporated in the termmd 
rrcriute have a comnuir^^ in these exarnptea axchoigee 

between tie various entities, i.e. the electronic unit 154 (figure 6) containing the mam 
appJtaatioa the secure microprocessor 3 and tie microprocessor 30, 130 of the integrated circuit 
card, are effected via the microcontroller 2 or 29 of the termini module. The above descriptions 
must not be considered as limiting on the invention: other implementations are feasible within the 
scope of tie present invention* The secure microprocessors for integrated circuit cards currently 
avaiabte which can be used for the card itself (microprocessor 30, 130) or in the terminal module 
(microprocessor 3) cm have two communication ports. Various embodiments optimisin g 
communication are therefore easy to envisage with this type of microprocessor. In figure 4C, for 
example, one port of the integrated circuit card 31 can be dedicated to controlling the user 
interface and therefore connected to the microcontroller 2, the other port being connected to the 
electronic unit including the main appication, subject to appropriate interface adaptation. 

According to one important feature of tie Invention filter software is stored in tie 
reprogrammable memory EEPROM associated with tie secure microprocessor 3 or 29 of tie 
terminai module 1 and/or the secure microprocessor 30, 130 of the card 31. 131. This Her 
software translates m a manner known in itself high-level requests from the server Sap or from 
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the PC into sequences of elementary commands thai can be executed by these m i crop ro c e ssors 
(toese c omma nd s are deined in part 4 of ISO standard 7816-4). In accordance wih tie 
invenfon, We filter software translates toese hi#v4evel requests into sequences of exchanges of 
data between the terminal module 1, 101 and the user via the interface means such as the 
display 4 and the keyboard 5. 

This solution has the advantage of considerably reducing the flow of data exchanged 
between tie terminal module 1, 101 and the server Sap or the PC, but requires secure 
vistaWm of the translation software to prevent instructions sent to the microtircuft cad from 
being mocfified. 

This tier software is an integral part of the portion of the application software instafied 
in the terminal module 1 andfor tie card 31, 131 and can therefore be downloaded. 

Figure 7 lustrates the conventional software architecture of a microdrcuit card (smart 

cod). 

The various software layers are represented by a block 43 which comprises a 
'co m m u ni ca tion protocoT software layer 44 enabling commands to be received These 
commands are decoded by an "APDU c ommand i n ter preter * software layer 45 (APOU: 
Application Protocol Data Unit) the role of which Is to route the commands to the processing 
modules, which ca n bet 

- secure fie management services software 46; 
* cryptographic services software 47; 

- application software 48. 

The processing modules 46, 47, 48 rely on basic services ottered by the operating 
system 49 of tie microdrcurt card. 

Figure 8A iSustrates the software architecture of a system tor carrying out secure 
transactions using terminal modules 1 provided with a secure microprocessor 3 to accordance 
with the mode of execution of the invention shown in figure 4A. 

Block 51 represents toe software executed by the secure microprocessor 3 of the 
terminal module 1, block 52 the software executed by the microcontroler 2 or the PC 102 of the 
terminal module 1, block 53 the software executed by the microprocessor 30 of a mtcroctrcuft 
card 31 and block 54 toe main appfcafon software (appficatton service provider) instated on the 
server Sap or on a PC. 

Block 51 is similar to block" 43 of figure 7 t i.e. the secure microprocessor 3 has an 
architecture similar to that of an integrated circuit card. Block 51 comprises: 
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- commumcalon protocol software 60; 

- aerating system 61; 

- a block 62 represening the portion of the application software instated in the terminal 
module 1, this portion of the application software essenSaHy comprising the itter software 
previously mentioned. Various software modules of frs type corresponding lo various 
applications can co-exist in the secure micro pr ocessor 3; 

-optionafty, software 63 for authenfication of the standard microco n troiier 2 (by the 
secure microprocessor 3) and authentication of the secure microprocessor 3 of the terming 
module 1 (by the microprocessor 30 of the card 31); 

- secure file management software 64; 
* cryptographic services software 65. 
Block. 52 comprises*. 

- communication protocol software 70; 

- a command interpreter 71 corresponding to the software 20 from figures 4B and4C; 

- authentication software 72 for authentication of the standard microcontrofier2 (by the 
secure nocropr ocessor 3 of the termtoal module 1 ) in conjunction wffr the software 63; 

- software 73 for controfiing resources internal to the microcontroller 2; 

- software 74 Sfor ; oqnjh^ the user drivers 23 and 25 for the screen 4 
and the keyboard 5); 

-software 75 for oontnotSng the communication interfaces 7, 8 and 9 (drivers 22, 24, 

27). 

Finally, block 53 Is similar to block 43 but in the example descrfced with reference to 
figureaAdoes not include any application or ©tar software. It comprises: 

- communication protocol software 80; 

- APDU command interpretation software 61 ; 

- secure file management services (for example PIN checking) software 82; 
-cryptographic services software 83 (symmetrical cryptographic computations using 

secret keys or asymmetric cryptographic computations using public and private keys, etc) for 
authentication of the secure microprocessor 3 of the terminal 1 (by the microprocessor 30 of the 
card 31) In conjunction with the software 63, among other functions; 

- the operating system 84 of the microprocessor 30 on the card 31 . 

The communication protocol 60, 70, B0 controls exchange of data between: 

-the microprocessor 30 of the cart 31 and the standard rwcrocontrofter 2 of the 
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PC 1 02 of the terminal module 1 ; 

• the secure rrtcroprocessor 3 and the miooconlroiter 2 of the terminal module 1 ; 

■ the secure mi c roproce ss or 3 of the terminal module 1 and the microprocessor 30 of 
tie card 31. 

Figure 66 is a view simiar to figure 8A Itustrating the software wchftecture of tie 
system in the situation where the terminal module 101 does not include the secure 
m icro p rocessor 3, in accordance with the third mode of execution of the second embodiment of 
the invention (figure 6). 

in figure 88, block 152 represents the software executed by the rrricraxmtroter 2 of tie 
terminal module 101. block 153 the software executed by the microproce ss or 130 of a 
programmable microdrcutt cant 131, and block 154 the main appicatxm software instated on 
the server Sap or or a PC. 

Block 152 comprises the same software 70, 71 and 73 through 75 as block 52 from 
figure 8A and a block 76 which comprises software far authentication of tie standard 
mcroocxntroaer2ofthetwTiMmodute101 (by the m fcr o pr ote sam 130 on tie card 131), 

Block 153 relating to fie microprocessor 130 of the card 131 comprises software 62 
and 80 through 64 of blocks 51 and 53 from figure 8A together with software 77 for 
authentication of the standard microcontroier 2 of the terminal module 101 (by the 
microprocessor 130 of the card 131) in conjunction wrth the software 76. 

Unlike a conventional system, in a secured fransaction system of the invention tie fitter 
software 62 which translates high-level requests from tie appicatton into elementary commands 
that can be executed by a mfcrodrcuft card is Instated in the secure user environment Le. either 
in the terminal module 1 (for tie appScations A1, A2, An of the modes of execution from 
figures 4A-4C and 5) or on a semi-permanent memory card 31, 131 which can be used with the 
terminal module 1, 101 (for tie applications Ax of tie figure 4C embodiment and for all the 
appfications of the figure 6 embodiment). 

Apart from its nrnockcuft card management function, the filter software 62 controls 
interaction with tie user, i.e. the sequences of exc hang e s of data between a user and the 
terminal module which are required in the context of an appticatkm and which use the interface 
means, namely the screen 4 aid the keyboard 5. Note frat tie invention is not imited to the use 
of a screen and a keyboard as interfaces with the user and that any other type of interface with 
the required ergonomte features could be suitable, for example a voice interface. 

Transactions are secure because the fitter software 62 is securely instated in the 
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secure microprocessor 3 or 29 of the terminal module 1 or the rr u cro pr oce s sor 30, 130 of the 
frtcrocifawtcanJ 31, 131. The keys and rules necessary to access ies on fte mfcrcdrcufccard 
31, 131 are contained in the translation software 82 and are therefore inaccess&fe to trtrd 
parte. 

The functions of the filer software 62 wtl be lustrated hereinafter In the context of an 
example of an electronic trading appfcaBon. The appicatton includes tie foiowmg entities: 

• a purchaser, 

• a merchant, 

• a bank. 

The merchant has an electronic trading server Sap (Web server) accessible via the 
Internet. The purchaser has: 

•a PC for accessing the electronic server Sap to consult a catalogue of products, 

•an integrated circuit card 31 supplied by the bank and tie microprocessor 30 in which contains 

a private key but does not have any cryptographic capabltties connected with a signature, 
•a terminal module 1 as shown in the figure 4A embodiment having a standard m i croco n troller 

2, a secure microprocessor 3 with cryptographic capabttties enabling a message to be 

signed, a keyboard 5, a display 4, an Integrated circuit card interface 6 and a serial interface 

7 for connecting ftio a PG. 

The principle of operation b as follows: the transaction Is signed by the terminal 
module 1 using a private key held by the card 31, This private key is protected by a confidential 
code (PIN) that the purchaser must enter in a secure environment, i.e. on the terminal 1, and by 
prior authentication of the terminal 1 by the card 31 using a secret key Kauth. The private key is 
also transmi tted in an army pled manner (by means of a key KchH) to set-up a secure 
conumirocation channel between the micro pr oce ss or 30 of the integrated circuit card 31 and the 
seaire mkaoprocessor 3of thetermlnai 1. 

Rgure 9 iustrates the exchanges between the various entities: 

a. the purchaser enters an order on the PC, 

b. the PC generates the transaction to be signed by the purchaser (product code* price) and 
requests the terminal module 1 to sign the transaction, 

c. the terminal module verifies the source of the request for signature and then prompts the user 
to enter their PIN code by displaying a message "enter PIN" on the cSspiay 4, 

d. the purchaser enters the code (PIN) on the keyboard 5 of foe terminal moduie 1 , 
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e. the terminal module 1 sends the RN to the card 31 for verification; postive verifcaSon lifts 
one of two conditions of access to reading the private key, 

f. fie tennral module 1 dteptays the transaction on its display 4, 

g . the purchaser confirms it by pressing a 'confirm' key on the keyboard 5 of the terminal module 

1, 

h. the terminal module 1 submits an external autienfication request to the can! 31. External 
authentication enables the secure mic rop rocessor 3 of the terminal module 1 to authenticate 
Itself to the microprocessor 30 of the card 31 and thereby lift the second level of protection of 
access to the private key. This authentication is performed in ch a fta nge/ rosp o ns o mode using a 
secret Kauth shared by the terminal module 1 and the card 31 r 

I. the terminal module 1 sends a private key read request to the card 31, 
j, afi access conditions having been satisfied, the card 31 accepts the read request and sends 
the private key, which is e ncry p ted using a secret key Kchif shared by the card 31 and the 
terminal module 1 r 

k. the terminal module 1 decrypts the private key, signs toe transaction by means of the private 
key, destroys the private key, disconnects from the card 31 and sends the signed transaction to 
the PC which sends it to the server S. 

The above example can easiy be transposed to an electronic transaction performed 
without any PC, the terminal module 1 being connected directty to a server Sap by a modem link 
(figure 3), the purchaser entering the order (product code) on the terminal module 1. 

Note that authentication of the secure microprocessor 3 by the card can also be 
effected by way of the read private key command by a ss ociat in g wfth it a message 
authentication code (MAC) calculated using a secret key. 

This example shows that the filter software 62 can translate a high-level "request for 
transaction signature' into a multitude of individual requests addressed to the various interface s 
of the terminal interface 1 , namely Its interface 6 with the integrated circuit card 31 , its interface 
wfth the display 4, its interface with the keyboard 5 and its interface for connecting it to the PC or 
the server Sap. 

Translation fitter software of this kind has a screening rote, providing a iter between 
the outside world, Le. the applications, and the peripheral devices that it controls. 
H enhances secur ity because* 

1. It imposes a sequencing of the individual instructions sent For example, in the 
situation ilustrated hereinabove, it requires the transaction to be confirmed by the user before it 
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is signed. 

2. It atone has the secret parameters tor generating and authenticating these individual 
instructions. Thus It alone has the authentication and encryption keys for reading ax* decrypting 
the private key. 

5 When the fiter software executes in the secure microprocessor 3 of the terminal 

module 1 these properties enable a poficy of access to the card 31 to be imposed which is not 
always completely imposed by foe cad itself, or tie capadies of a card to be expanded 
(signature capacity delegated to the terminal moduie, use in a context not foreseen when inlafly 
deployed). 

10 The advantages in terms of securty of executing the fitter software in the secure 

microprocessor of the terminal module or the integrated circuit card are possible only because 
the softwwe executes in a secure environment assuring that 

• the secrets contained in the iter software are no! accessible because they are stored In the 
secure microprocessor 3, 29, 30 or 130, 
is • the confidsntiafity and fre integrity of the fitter software are preserved because the software 
is stored in the secure microprocessor 3, 30 or 130. 

tf the terminal module 1 is a dedicated produd hs^ to own interfaces ^ 

keyboard flia tuAw nhtftf tiw ^** i l a w r f h n r an t B thn ftnftwran r n n h iilBnri wwrhr winw rJ 

data with the user cannot be modified because it is permanently stored in the permanent 
20 memory 2c of the microcontroller 2 or securer/ stored In the rracnxontrofler 29. Thus the user 

can confidently confirm the content of their transaction by means of the display 4 and the 

keyboard 5 and the need to verify the identity of the appticatton or the source and the integrity of 

re ques t s becomes optional. 

Other mecrOTisms can fui^ of confidence 

25 between the secure microprocessor of the intonated circuit card, the secure microprocessor of 

the terminal moduie, when present, the standard microcontrolef or the PC of the termini 

moduie and the user. These mechanisms are: 

A) secure downloading of the Miter software; 

8} authentication of the standard mlcrocontroiler by the secure microprocessor or 
30 (which amounts to the same thing but is more suitable in the case of a mode of execution of the 
terminal based on a PC) authentication of the interpreter software module 1 (20) by me fitter 
software F (62) and/or setting up of a secure corwnunfcation channel between these two 
microprocessors or the programs I and F; 
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C) protection of a secret by the standard rnfcrocontroler; 

0) mutual autientfcation and sating up of a secure communication charm! between 
the secure microprocessor of the integrated droit card and the secure rmcroprocessor of the 
terminal module; 

E)authe nS caion of the torminai module and where appicabte of the terminaJ 
modulo/card combination; and 

authentication of th*rr^ 
A) Secure downloading of the filter software 

The figure 10 flowchart Sustrates the process of downloading an appfcation program 
(liter softwane) into the secure microprocessor 3 or 29 of the module 1 or tie secure 
mic rop roce ss or 30, 130 of a cad 31. 131 in the reader 6. This downloading can be effected 
from a server Sap via the PC and the external connecfion Interface 7 or the Infrared fink interface 
8, for example, or directly by means of a telephone connecfion via the DTMF interface 9. The 
downloading can equally be effected into the secure mi cr oproce ss or 3 or 29 (If the terminal 
module has one) from a mlcrocircutt card inserted Into the reader 6. 

In step 32 the area of tie memory 3d allocated to the appfcation program to be 
received is empty and the m ic ro pr oce sso r 3 is waitir^ ^ 
loading request 

The next step 33 corresponds to a procedure tor authentication by the microprocessor 
3 of the entity that wll download the application program (sender). This authentication 
procedure can use encryption mechanisms we§ known to the skHfed person, for example, such 
as symmetrica* m ec ha n i sms using shared secret keys or asymmetrical mechanisms using 
private and public keys. 

Step 34 is a test to determine If the authentefon procedure has succeeded. If It has 
not, the message "access refused* is displayed on the screen 4 (step 42) and the program 
returns to step 32; if authentication has succeeded, the process tor loading the application 
program begins in step 35* 

Step 38 corre s p o nds to storage In tie EEPROM 3d of the date frames sent by the 
entity responsfete tor downloading. 

Step 37 is a test to determine If downloading has finished: if not, the downloading 
program returns to step 36 and Downloading continues: if it has finished, tie microprocessor 3 
verifies the integrity of the received date in step 36. To this end a message authentication code 
(MAC) can be associated with the downloaded program for verifying not only its integrity but also 
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its source. The MAC can be generated using a symmetrical cryptography mechanism (DES in 
charted CSC mode)* The source and integrity can also be verified using an asymmetrical 
cryptography mechanism: a condensate of tie downloaded software is signed by tie sender 
using their private key: the seem microprocessor 3 then verifies tie signature using the 
sender's pubic key. 

Note that In this last example the pubic key in theory does not need to remain 
confidential. The security features of the microprocessor nevertheless assure the integrity of the 
software, preventing a hacker from modifying the software to eliminate the signature verification 
or simply to substitute for the public key tnidally provided a public key lor which they know the 
associated private key. 

if die test 39 indicates that the data received is correct, a flag Mealing that the 
appicafon program received is vafid is generated in step 40. Otherwise the downloading 
program returns to the first stop 32. 

This process of bating tie appfcabon software, and thus the filer software, into tie 
secure reprogrammable memory {3d, 30a, 130a depentfing on the embodiment concerned) 
indudes mechanisms for confirming foe source and the integrity of the data received from the 
sender of the software. This prevents downtoaoSng by a hacker of fitter software that could carry 
out transactions in the temwiaJ moduie 1, 1 01 un known to tie user. 

B) Authentication of the interpreter software module I, 20, 71 by 
the fitter software F, 02 or, which amounts to the same thing In the 
corresponding mode of execution, authentication of the standard 
microcontroller 2 by the secure microprocessor and/or setting up of a 
secure communication channel between the programs or between the 
microprocessors 

For a user to be totally confident in tie terminal module they are using to carry out 
transactions ft is necessary: 

-to authenticate toe data sent from the interpreter software 20, 71 to the secure 
microprocessor 3, 30 or 1 30 executing the fitter software; and 

- to assure that toe data sent by the fitter software to be displayed through the 
intermediary of the user's hterpreter software of the terminal module 1. 101 can onty be 
displayed by toe tetter. 

When the means of controlling exchange of data with the user, Le. the interpreter 
software 20, 71, is installed in the terminal module 1, 101 in a fixed manner and cannot be 
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modled, for example in the ROM 2c of toe standard mfcrocontroter 2, authenticating to 
software module is equivalent to autonticating the mtcrocontrolef. 

L&awtee, when the titer software b irtstafled fn secure processing means such as the 
secure rnteroprocessor 3, the integrated circuit card or the secure server Ssec, in a manner such 
that * cannot be modffied by an unauthorised person, authentication by these secure means is 
equivalent to authentication by the titer software itserf. 

in the fofowcng description the mecha ni sm s for authentication of the software means 
controlling to irrterfaw 71 by the titer software wi! be described. 

Various solutions verify these cortftions. 

A first solution consists in encrypting al the data exchanged between to interpreter 
software 20, 71 and to fitter software. 

A second solution is to have to interpreter software 20, 71 authenticated by the titer 
software and/br to sat-up a secure communication channel between torn. 

These two solutions necessarSy imply that at least one secret parameter known to the 
flter software F 62 is stored m to interpreter software 20. 71. 

in to second solution to lifter software F 62 authenticates the interpreter softwve 20, 
71 using a conventional authentication process based on information sent by to interpreter 
software 20, 71 and combined with to secret parameter. At the level of the interpreter software 
20, 71 this authentication procedure is executed by to software 72 (figure 8A> or the software 
76 (figure 8B), depending on the embodiment of to terminal module concerned. 

TWs authentication mechanism can equaSy be applied to messages ex ch a nged 
between to programs to construct message authentication codes for guaranteeing to source 
and to integrity of each message transmuted. 

In to case of to mode of execution described with reference to fig ure 4A, this solution 
nevertheless requires, for preference, physical protection of to link between to two 
microprocessors to be assured to prevent a hacker from reading the data exchanged and to 
particular the personal identification code (PIN) of to card, which the user may need to enter via 
the keyboard 5 to cany out transactions. 

C) Protection of a secret parameter by the standard 
microcontroller 2 

The foregoing description shows to necessity of storing at least one secret parameter 
in to interpreter software. The mode of execution of the terminal based on a PC, in which the 
interpreter software executes on the PC rtseff, therefore offers a imited degree of security for to 
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PC, atoough this degree of security Is sufficient to prevent a vims substituting ftsetf lor tie 
interpreter software. A higher degree of security is obtained by installing the interpreter software 
in the ROM 2c of the standard microcoriroBer 2. For enhanced security the secret parameter of 
fie mtaoco n fro tt er 2 cot be stored in the temporary memory when the product is manufactured 
or possfoty on inserting the microprocessor 3 if It is removable, or on an integrated circuit card. 
The aim of this operation is to estabfish confidence between the two microprocessors. Al 
necessary precautions must be taken at fte f me of this operation to assure the authenticity of 
the rrtc roco nfr o fl er 2 (operation effected by the manufacturer, operation protected by transport 
keys stored to the temporary memory of the mtcmcontrofter 2 by the manufacturer, and 
knowledge of which ts s precondition for inftfatising said secret parameter). In addition, 
conventional mechanisms for detecting intrusion (contacts, etc) wfll be fitted to erase the 
temporary memory In the event of intrusion (by cutting off the power supply, etc). 

D) Mutual authentication and setting up of a secure 
communication channel between the microprocessor of the Integrated 
circuit card and the secure microproc esso r of the terminal module 

This mutual authentication and the setting up of to secure communication channel are 
effected by mechanisms identical to ftose used by the standard mtcrocontrotter 2 and the secure 
microprocessor executing the fitter software, as described under B) above. 

E) Authentication of the terminal module 

It is important to guard against any attack on tie combination of the keyboard 5, 
display 4 and secure mi cro pr ocessor 3 with the aim of counterfeiting the terminal module, for 
example, substituting a counterfeit temtinal module for a real terminal modute in order to recover 
information entered by the user (keyboard spy) r access the secrets of an integrated circuit card, 
falsify signatures. 

To this end a mechanism can be added to enable to user to authenticate to terminal 
This objective is achieved by an automatic personalisation process. 
Authentication of the terminal module alone 

Personatisation can consist to calculating a password that is easy to remember and 
that is generated and displayed by to terminal in acco rdan ce with secret parameters contained 
in the microprocessor or microprocessors of the terminal when the user enters a PIN. If the 
terminal includes two microprocessors, for example, the password is stored in the secure 
microprocessor, encrypted using the PtH and a secret key X, and then sent to fie microcontroller 
2 where it is decrypted using the key X also stored in the rritfocontroiter 2 and the PtN entered 
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by the user, Has mechisiism alms to protect against substitution of one of the two 
microprocessors. 

The same principle can be appfied to a eard/termina/ combination each time a 
rricroclrcuft card is used with the terminal module. Personaftsation can consist in the translation 
software cafculatng a password based cm secret Infounatiun held by the secure microprocessor 
of the csid and secret Information held by the terminal module, for example. The same principle 
as described hereinabove can be used to calculate the password. This password, generated the 
frst time tie terminal module Is used In conjunction with the card and known to the user, is 
displayed on the screen 4 when the terminal module is used again with the card. The user can 
therefore verify and be assured that the terminal In their p os session, consisting of the terminal 
module connected to the card, is authentic 

F) Authentication of tho mlcroclrcult card by th* terminal module 

To enhance further the security of the transaction system in accordance wife the 
invention, a conventional authentication process can be used for authenfcation by the terminal 
module 1, 101 of the mi croc ta jK card used. An authentication process of the above land 
prevents tie user's personal ide n tification number (PIN), entered by the latter into tie module 1, 
101 via tie keyboard 5 to execute a secured transaction, from being captured by a counterfeit 
card substituted by a hacker fx the user's authentic card and subsequently recovered by the 
hacker to read the PIN off the counterfeit card. This authentication can be effected by a means 
of a c on ventio n al challenge/response type mechanism, for example, using a secret shared 
between the card and tie terminal module and symmetrical cryptography or, as already 
desc ribed, using a private key stood by the card enabing the challenge to be encrypted using 
an asymmetrical algorithm, tie terminal module verifying the response using its public key. 

The architecture of the transaction system and the security mecha nism s deserted 
hereinabove make tran s actors effected by means of toe terminal module 1, 101 highly secure. 

The terminal module: 

* expands he nature of the truly secure services that a rracroctrcuft card can provide, 
thanks to the keyboard 5, the screen 4 and the protection of data exchanged with tie user and 

- enables the card to be used in a non-secure environment (PC susceptible to viruses 
or pirate programs), by hermetically isolating It from this environment by means of a software 
andtor hardware architecture strictly controlling access to the card, i.e. controlling commands 
sent to tie cryptographic functions on the card. 

The terminal module can trice various forms, for example: 
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•an integrated circuit card reader for connection to a computer via various interfaces (PCMCIA, 
elc) or not (connection to a server via modem only); 

•a computer (PC) the user interfaces of vtMch consist In the scree* and toe keyboard of the PC 
and which includes an integrated drcult card reader. The PC wffl include software andfor 
hardware means (such as a secure second microprocessor, the standard m icr opro ce sso r 
consisting of the PC ItseM) for assuring the Integrity and the confidential of the fitter 
software. By computer is meant a PC or a PDA (Personal Digital Assistant); 

•a keyboard, possible provided wit) an LCD display screen, incorporating a secure 
microprocessor and an integrated circuit card interface; 

•a telephone, possible equipped wttt a dteptay, incorporating a secure m ic roproce ss or and an 
Integrated circuit card interface; 

•a cable TV network decoder (set-top box) incorporating an integrated circuft card reader 
connected to a TV, the telephone, a keyboard or possibly the remote controller for the 
decoder or the TV provkfing tie user interface; 

•more generally, any equipment that can be rendered secure by incorporating a secure 
microprocessor in which a sensitive a ppl icatio n can be instated or by i ncor pora&ny an 
integrated droit card interface enablng said equipment to be controlled by an application 
tnsxaaeo mi an inwgimsu Cncun earn. 

The whole of the foregoing description describes a terminal to be used with an 

integrated circuit card or smart card. The card referred to b in fact a tool enabling the use of 

cryptographic functions personaieed to one user by means of at test one secret parameter. 

The object of the invention is dearly not limited to a given form of tod such as an integrated 

drcuit card. The invention also covers the use of personal security devices ottering functions 

equivalent to those of an integrated circuit card but presented in a different form, such as tie 

•iButton", 'Java Ring" and token* products. 
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CLAIMS 

t, A terrrinaf for execution of secure eteOiutfc transactions by a user in conjunction 
with at least one fippication installed on ebi electronic unit, said tsrminaJ coroprisino^ 

- a terminal module including at least 

s * fret Interface means vrith said application for receiving from it requests 

reiatkig to said transactions, 

* second interface means with said user; 

* third interface means with a personal security device, 

* first data proc es s in g means comprising at least first software means for 
io controSmg said interface means, and 

-a personal security device including at least second secure data processing means 
comprising at ieast second software means for executing elementary commands and means for 
executing cryptographic computations, 
characterised In that 
15 * sad terminal (1, 31; 101, 131) is adapted to receive said requests from said 

application (Fap) installed on said electronic unit (Sap; PC) in the form of high-level requests 
independent of said personal security device, 

- at least one of said terminal mod lie (1; 101} ml said personal security device 
comprises ; 

20 * at least one reprogrammable memory (3d; 30a; 102b; 130a; Ssec)for storing 

at least one titer program (F, 62) translating said high-Jevei requests into at least one of 
either: 

(0 at least an elementary command or a sequence of eiementary commands that can 
be executed by sard second software means (80-84) of said second data processing means (30; 
25 130), or 

(1) at test one sequence of data exchanges between said terminal module (1 ; 101) 
and said user via said second interface means (4, 5), which can be executed by said first 
software means (1, 20, 71) of said first data processing means (2; 29; 102). and 

* means for protecting said filter program (F, 62) to prevent an unauthorised 
30 entity from either reading and/or modifying said filter program, and 

- at least one of said first and said second data processing means (3; 29, 30; 102; 130; 
Ssec) comprise a data p r oce ssing device for executing said fitter program (F, 62). 

2. A terrrrinaf according to claim 1 characterised in that sod device for executing the 
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flter program comprises fast means tor Identifying and/or amlwulicayng said appfcation {Fap) 
instated on said electronic unit {Sap; PC) or the source of said requests sent by said appfcafion. 

1 A terminal according to claim 2 characterised in fist said data processing device for 
exaculng said ftter program (F, 62} comprises means for verifying the integrity of date received 
from said appfcation (Fap). 

4. A terminal according to any one of claims 1 to 3 characterised in that sakJ data 
processing device for executing said titer program (F, 62) comprises centraftsed means (Ssec) 
for controifing conditions of use of services of the personal security device (31) in accordance 
with said application (Fap) and/or fee user. 

5. A terminal according to any one of claims 1 to 4 characterised In that said date 
processing device for executing said fitter program (F, 62) comprises: 

- means for commanding loading in a secured manner of said fitter program into said 
programmable memory via said first or said third interface means from an entity external to said 
module, and 

- first access control means for authorising said loading of said titer program only in 
response to at ieast one predefined condition. 

6. A terminal according to any one of daim 1 to 5 characterised to that ft compri se s 
second means for authenticating said first data processing means (2; 3; 29: Ssec) by said 
second date processing means (30; 130). 

7. A terminal according to any one of daims 1 to 6 characterised fin that It comprises 
third means for authenticating said second data processing means (30; 130) by said first date 
processing means (3; 29). 

8. A terminal according to daim 6 or claim 7 c ha racterised in that it comprises a first 
communication channel (6) between said first data processing means (2; 3; 29) and raid second 
data processing means (30; 130) and first means for securing said first communication channel. 

9. A terminal according to any one of daims 1 to 8 characterised in that it co mp ri ses 
fourth means for authentication of said terminal module (1; 101) by said user, independently of 
said personal security device (31; 131). 

10. A terminal according to daim 9 characterised in that said fourth authentication 
means comprise means for calculating by said first dote processing means (2; 3; 29) and for 
presenting to said user via said second interface means (4) a password known to said user 
and calculated on the basis of a first secret parameter stored in sad first date processing means 
(2; 3; 29). 
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11. A terminal according to any one of claims 1 to 10 characterised in that It comprise 
film means for conjoWautwntic^^ 101) and said persona) security 

device (31; 131} by said user. 

1Z A terminal according to daim 11 characterised m that sad frfth authentication 
means comprise means for calculating by sad device for executing said filer program (3; 29; 31; 
131) and for presentating to said user via sa^ 

said user and calculated on the basis of at (east second and Md secret parameters stored 
respectively in memory in said first data processing means (2; 3; 29) and in memory in said 
second data proces si n g means (30; 130). 

13. A termmai accortfng to any one of claims 1 to 12 characterised in that said 
terminal module (1) includes said programmable memory (3d) for loading and storing said filter 
program (F, 62)* 

14. A terminal according to claim 13 characterised in that said fitter program (F, 62) 
generates first commands for implementing saW at least or» sequence of exchanges cf data 
between said terminal modute (1) and said user and said first data processing means comprise a 
first mi cr o p roce sso r (2; 102) for controUng said interface means (4-9) programmed by virtue of 
said first software means (20, 71) for controlling said interface means to execute said first 
commends generated by said fitter program (F, 62), and a second secure microprocessor (3) of 
the integrated circuit card type doposed in said terminal modute and including said 
programmable memory (3d), said second microprocessor (3) executing said fitter program (F , 52) 
to control said at least one sequence of exchanges of data by means of said first commands 
sent to said first microprocessor (2) and for applying sakJ at least one ele menta ry command or 
sequence of elementary commands to said second date processing means, 

15. A terminal according to dakn 14 characterised in that sad first software mem 
(20, 71} for controlling tie interface means include at least a fourth secret parameter, said 
second microprocessor (3) being controlled by said fitter program (F t 62) to authenticate said fast 
software mams (20, 71) for controflmg the interface means on the basis of Information sent by 
said first microprocessor (2) and combined at least with said fourth secret parameter. 

16. A terminal according to daim 15 charac teri sed in that it comprises a second 
communication channel (12) between said first software means (20, 71) for control Bng the 
interface means and said second micro pr ocessor (3) and second means for seeming said 
second communication channel. 

17. A terminal according to claim 16 characterised in that sad second securing means 
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compose means for encryption and decryption by said first software means (20, 71) and by said 
aeoond mcroprocessor (3), erf data sent on said second comrmmicaion channel (12) on the 
basis of at least a ftfth secret parameter stored in memory in ssd first and second data 
processing means. 

18. A terminal according to claim 16 or data 17 characterised in that said second 
secumg means comprise first physical means for protecting said second cafTvrunicatxm 
channel (12) against intrusion. 

19. A terminal according to any one of claims 15 to 1B characterised in that said first 
microprocessor (2) includes a temporary memory (2b) for storing said secret parameter ami 
second means lor physicaly protecting said temporary memory (2b) against intrusion. 

20. A terminal according to any one of damns 14 to 19 characterised in that said 
second microprocessor (2) is a microcontroier. 

21. A terminal according to claim 13 cteracterised in mat said filter pro^ generates 
first commands for implementing rod at least one sequence of data exchanges between said 
terminal module and said user and said first (Ma processing means comprise said device for 
executing said titter program and consist in a secure microprocessor (29) adapted to: 

* execute said titer program (F, 62) for translating and converting said high-level 
requests into at teast one sequence of data exchanges between the temii^ module and the 
user and/or Into at least one elementary command or a sequence of elementary commands that 
can be executed by said second software means of said second data processing means (31), 

•control said interface means (4-9) using said first commands generated by said iter 
program to implement said at toast one sequence of exchanges between said tormina) module 
(1) and said user. 

22. A terminal according to claim 21 characterised in that said microprocessor (29) 
includes said programmable memory. 

23. A terminal according to ciaim 21 characterised in that said programmable memory 
is external to said microprocessor (29). 

24. A terminal according to ciaim 23 characterised in that said fitter program {F, 82) is 
stored in encrypted form in said programmable memory and in that said microprocessor (29) 
comprises means for reading, decrypting and executing said fitter program. 

25. A terminal according to any one of claims 14 to 24 characterised in that said 
second data processing means of said personal security device (31) comprise a second data 
processing device (30) for secure execution of a titer program and a programmable memory 


CA 02330534 2»0«* 10-27 


41 

(30a) for loading and storing said filler program (62). said first software means of said first data 
processing means being adapted to receive said commands for implementing said at least one 
sequence of exchange of data from either of said Star program executing devices (3; 29; 31) 
instated in said module and said personal security device, respectively. 

26. Atemihalaccorc^toany oneof daims 13 to 25 characterised in that 

- said fitter program (F, 62) comprises at least one secret parameter, 

- said second data processing means (30) comprise second means of concftional 
access control for authorising execution of said cryptographic computations in response to 
elementary commands ge n er ated by said fifter program (F, 62) only f at least a second 
predefined condition depending on said secret parameter Is satisfied. 

27. A terminal according to any one of claims 1 to 12 characterised in that said 
pe&onaf security device (131) includes said programmable memory (130a) for loading and 
storing said After program (F, 62). 

28. A terminal according to claim 27 cha r a cte ris e d in that said War program (F, 62) 
generates first commands tor implementing said at least one sequence of exchanges of data 
between said termin&i module (1) and said user and said first data processing means comprise a 
first microprocessor (2; 102) for contorting said interface means (4-9), programmed by said first 
software mem (20, 71). to execute said first commands generated by said fitter program (F, 
62), arid said eecorrt data processing m 

the integrated circuit card type disposed in said personal security device (131) and deluding said 
programmable memory (130a), said second microproce s sor (130) executing 0) s^d fitter 
program (F t 62) for oorrtroSing said at least or»sequefK» erf exchariges of data by means of said 
first commaridssenttosaWfta 

29. A terminal according to dafm 6 and claim 28 characterised in that said first 
software meats (20, 71) for contitHBng said interface means include at least one secret 
parameter and said second microprocessor (130) of said personal security device (131) is 
controlled by said titer software (62) to authenticate said first microprocessor (2) on the basis of 
information sent by said first microprocessor (2) and combined at least with said secret 
parameter. 

30. A terminal according to cteim 28 or claim 29 characterised In that said second 
microprocessor (130) of sad personal security device (131) is adapted to command the loading 
of said iter program <F, 62) into said programmable memory (130a) via sad first interface 


CA 02339534 290«~I**2? 
42 

means (7-9) and said third interface means (6) with said personal security device (131). 

31. A terminal according to any one of claims 13 to 30 ch a rac t eri se d In (tot said 
terminal module (1; 101) is an integrated cireuft card reader and said personal security device Is 
an integrated circuit card (31; 131). 

32 A terminal according to claim 13 characterised in that said terminal modute (1) 
comprises a personal computer (102) and in that said reprogrammable memory b included in the 
hard disk (1Q2b) of said computer 

33. A terminal aoconfing to daim 32 and any one of claims 14 to 17 characterised in 
that said first micro pr oce ss or is the m i cr o processor (102c) of said personal c om pu ter (102), said 
personal computer (102) being also Interfaced to said secure m i cro proces so r (3). 

34. A terminal acoonfing to claim 32 characterised in that said liter program (F) 
comprises a loadfog/decryption first module (Fed) and an encrypted second module (Fctti) for 
said translation of high-level requests, said first module (Fed) commanding die loading of said 
second module (Fchi) into RAM of said computer (102) and its decryption for execution of said 
fifter program by said computer. 

35. A temfeal according to claim 32 characterised in frat said fflter program (F) 
compri se s aft test one first module (F-PC) installed on said personal computer (102) and at least 
one second rroctote (F^E) insta^ 

and said security server (Ssec) being connected by a secure communication channel (CS) 
enabfing protected exchange of data between said modules. 

36. A terminal according to any one ot claims 32 to 35 charac teris ed in that said 
personal security device (31) is an integrated circuit card. 

37. A system for performing secure transactions characterised in that it comprises at 
least one terminal (1, 31; 101, 131) according to any one of daims 1 to 38 ml at least one 
electronic unit (Sap; PC) including means for transmitting said high-level requests to said 
temwiai(1.31;101,131). 

38. A system according to claim 37 characterised in that it comprises a piuraity of 
terminals (1, 31; 101, 131), at least one server (S) constituting said electronic unit and means 
(CR) for sending digital data between said server (S) and said terminals. 
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